CVE-2015-3762

Name of the Vulnerable Software and Affected Versions Apple OS X versions prior to 10.10.5

Description The issue is related to an XML External Entity (XXE) problem in the Text Formats component, which can be exploited by remote attackers to read arbitrary files. This can be achieved through a text file containing an XML external entity declaration in conjunction with an entity reference. The vulnerability is associated with a lack of protection for service data, allowing a remote attacker to exploit it and read arbitrary files using a text file with XML references to external entities.

Recommendations For Apple OS X versions prior to 10.10.5, update to version 10.10.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Text Formats component in TextEdit until the update is applied. Avoid using the TextEdit application with untrusted text files until the issue is resolved.